Server apparatus and method of preventing denial of service attacks, and computer program product

a server and service technology, applied in the field of server apparatus and computer program products, can solve the problems of not employing techniques, restricting the possibility of attack to nodes on the network, and severe damage with a relatively small band

Inactive Publication Date: 2012-07-31
KK TOSHIBA

AI Technical Summary

Benefits of technology

[0013] According to another aspect of the present invention, a method of preventing denial-of-service attacks on a server apparatus capable of communicating with at least one client apparatus via a network includes:
  • receiving via the network a first query message that contains address data indicating a source client apparatus and query data concerning a question;
  • calculating first identifying data based on the address data contained in the first query message;
  • relating the first identifying data with the query data;
  • creating a first response message that contains the query data related with the first identifying data and reply requesting data for requesting that the question be transmitted again;
  • transmitting the first response message to the client apparatus specified by the address data;
  • receiving via the network a second query message that contains the address data and the query data related with the first identifying data;
  • calculating second identifying data based on the address data contained in the second query message;
  • determining the validity of the client apparatus specified by the address data, based on the first identifying data related with the query data contained in the second query message and on the second identifying data;
  • creating a second response message that contains an answer to the query data when the client apparatus specified by the address data is determined to be valid; and
  • transmitting the second response message to the client apparatus specified by the address data.

Problems solved by technology

Because the data size of a response packet is larger than that of the corresponding query packet, the attacker node can cause severe damage with relatively small bandwidth.
It means that the nodes on the network that can possibly be attacked are restricted.
However, the authoritative server, which has to respond to every query regardless of which client transmitted it, cannot employ the technique.
It means that the system does not work effectively until all of the existing clients on the Internet support the system used in the technique.

Embodiment Construction

[0022] Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings.

[0023] In a server apparatus according to an embodiment, upon receiving a first query from a client, the server apparatus does not respond immediately with the answer but returns a response message for redirecting. Then, upon receiving a redirect reply message to that response message from the client, the server apparatus returns a response message containing the answer to the query. At this time, the server apparatus embeds data that depends on the source address in the response message requesting a redirect reply and, on receiving the redirect reply message, uses that data to determine whether the redirect reply message is valid.

[0024] In the present embodiment, a DNS server 100 is used as the server apparatus for returning responses to queries from clients. Not limited to the DNS server, the present embodiment can apply to any device tha...

Abstract

A server apparatus receives a query message, calculates identifying data based on an address and a query name contained in the query message, creates a response message containing the identifying data for requesting a redirect reply or a response message containing an answer to the query name, determines whether the query message is a redirect message and further determines whether the response message containing the answer is larger than a threshold value, and finally transmits either one of the response messages.
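
The exchange described in the abstract, sketched as an added Python example (not code from the patent). The keyed HMAC, the `_id-` label that carries the identifying data, the 512-byte threshold, the choice to redirect only answers above it, and the zone contents are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # assumption: server-only key; the page does not name the function
THRESHOLD = 512          # bytes; constructed value
PREFIX = "_id-"          # hypothetical label that carries the identifying data

# Constructed zone data: query name -> encoded answer.
ZONE = {"big.example.": b"x" * 3000, "small.example.": b"y" * 40}


def identifying_data(src_addr, qname, key=SECRET):
    """Identifying data calculated from the source address and the query name."""
    msg = src_addr.encode() + b"\x00" + qname.lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def handle_query(src_addr, qname, zone=ZONE, key=SECRET, threshold=THRESHOLD):
    """Return (kind, payload) with kind in {'answer', 'redirect', 'drop'}."""
    first, _, rest = qname.partition(".")
    if first.startswith(PREFIX):
        # Second (redirect) query: recompute from the address it arrived from.
        claimed = first[len(PREFIX):]
        expected = identifying_data(src_addr, rest, key)
        if not hmac.compare_digest(claimed.encode(), expected.encode()):
            return ("drop", None)       # sender never saw the first response
        return ("answer", zone.get(rest.lower()))
    answer = zone.get(qname.lower())
    if answer is None or len(answer) <= threshold:
        return ("answer", answer)       # at or below the threshold: sent directly
    # First query with a large answer: send only a short redirect request.
    return ("redirect", PREFIX + identifying_data(src_addr, qname, key) + "." + qname)


def demo():
    """Walk one legitimate client and one spoofed replay through the exchange."""
    kind, redirect_name = handle_query("192.0.2.10", "big.example.")
    legit = handle_query("192.0.2.10", redirect_name)
    replayed = handle_query("198.51.100.7", redirect_name)
    return kind, legit[0], replayed[0]


if __name__ == "__main__":
    print(demo())
```

Because the identifying data is recomputed from the address each query arrives from, the server keeps no per-client state between the two messages.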

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is based upon and claims the benefit of priority from the prior Japanese Patent Application No. 2006-291521, filed on Oct. 26, 2006; the entire contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to a server apparatus, a method, and a computer program product that can prevent denial-of-service attacks caused by transmitting a response packet that is amplified by a packet in which a query source is personated.

[0004] 2. Description of the Related Art

[0005] Domain name system (DNS), one of the backbone functions of the Internet, is a client-server database system for providing services based on data associating host names with internet protocol (IP) addresses. A DNS client transmits a query packet containing a specific domain name (such as a host name) to a server, and the server processes the query packet and transmits back to the clie...

Application Information

Patent Type & Authority: Patents (United States)
IPC(8): G06F15/173, H04L12/22, H04L12/70
CPC: H04L29/12066, H04L61/1511, H04L63/1458, H04L61/4511
Inventor: JIMMEI, TATSUYA
Owner: KK TOSHIBA